How to Set up and Analyse STUSOBTRACE
09 July 2026

How to Set up and Analyse STUSOBTRACE

SAP Security & GRC

About

Listen to the SAP Security & GRC podcast – helping you on your journey to effective access risk management in SAP.

In this episode, Ross Robertson covers the SAP Authorisation Trace at the application level – STUSOBTRACE – which reveals exactly what authority checks a given SAP application (a transaction, Fiori OData service, RFC function module, or background job) performs at runtime. It’s the final piece in our authorisation tracing mini-series, following STAUTHTRACE (E09) and STUSERTRACE (E10).

🔑 Key Takeaways:

What STUSOBTRACE is and how the application-level view differs from STAUTHTRACE and STUSERTRACE

How to activate it via the auth/authorization_trace parameter in both the dynamic (RZ11) and static (RZ10) profiles

Parameter values N / Y / F – and why Y usually works at the application level while the per-user trace leans on F

How unique-once recording keeps it viable as a long-term trace

Why the “changed by” user is only the first to trigger a check – and the analysis trap to avoid

Analysing by application or by authorisation object (e.g. every transaction that calls an object for Activity 01)

Real use cases: building SU24 authorisation defaults or identifying S/4HANA high-tier license usage.

👥 Featuring:

Ross Robertson – Senior SAP Authorisations Consultant, Soterion

🎧 Take me to the Podcast: 

https://soterion.com/podcast/